Login pages loading from thum.io
22 Aug, 2023
40 weeks ago
A tactic used by phishing sites targeting corporate email accounts, is to load a screenshot of the email domain to use as a background.
thum.io is one service used by phishers for this purpose. Because this service requires an API key, you can use the API key to cluster phishing sites by threat actor: https://image.thum.io/get/auth/
Activity
Matching hosts (daily)
Filters
Filters , active
- http://ipfs.io/ipfs/bafkreibzefnr5dt4mrfc673rbcpflqt6vp3tpbhayxvpsqknzkm27gp7bi
- Screenshot
- Scanned
- 5 weeks ago
- https://ipfs.io/ipfs/bafkreiexhmhbbvbpfxsjxuufhi4tpzg55le3n3nw6525x7dayduvqz43ru
- Screenshot
- Scanned
- 5 weeks ago
- https://ipfs.io/ipfs/bafkreicrk4oanxbag3nqxnj5mkus7bow3k3g3zqop7rn4xllfu4zpxf7k4#x
- Screenshot
- Scanned
- 5 weeks ago
- http://ipfs.io/ipfs/bafkreibh4v3yk7w4mlnvnrbicsftdj7fhzgaply2iei45neobwmhwdi4uu#[email protected]
- Screenshot
- Scanned
- 5 weeks ago
- http://cniresearch.shop/1/#[email protected]
- Screenshot
- Scanned
- 6 weeks ago
- https://r.info.balkanprime.tours/tr/cl/-gcKBVKqFyayT2UUBPGyWgPYgt9fGgJF-QlAsFav6YOGKZ1CJjCJ4ci6BIM9WYIBeF6K33-J1ga7kAIB4e9zZZFXLi3Fy33F-by9232tpiMMJhUkXBx2Lz9PG0WAxSL9Qlt2pKZOLfkijbVOGYy9z-ZpRbnpnWj6yWd0Twzabnd7ornbVW7H-OPLDaZfx6PW4lwXp1ldiWxBlwdAbYGNoWV-DRX1VpcPy1fp_jz4OJFhozUix-ahbIzVzCYx3Szl1CqFJn24-YcYDkRswiNwnHeY8IrXVb-L5teVQhEak-VhCXExkIlcDgSwqOsCcVRqthvi9VgdRrGYHNpUlmrfq2OO2Kr_hFxdiozI2YqmJOtlLGbq8QOHM6Wemn12JBaOdmfBks4
- Screenshot
- Scanned
- 6 weeks ago
title: Login pages loading from thum.io
description: |
A tactic used by phishing sites targeting corporate email accounts,
is to load a screenshot of the email domain to use as a background.
[thum.io](https://thum.io) is one service used by phishers for this purpose.
Because this service requires an API key, you can use the API key to cluster phishing sites
by threat actor: https://image.thum.io/get/auth/<api key>
level: potentially_malicious
detection:
selection:
title|contains:
- Login
- Authentication
requests|startswith: https://image.thum.io/
condition: selection